Cyber Readiness Workshops

Pre-Workshop

Two months of weekly calls with worksheets that will help pre-build your documentation prior to your arrival:

• Cyber Risk Narrative review & development
• InfoSec policy review & development
• Corporate Crisis Management Plan / COOP review
• Crisis Communications SOP review
• SIEM Correlation logic (aka “context”) build out

Day 1: Top Down

Neal: The New ERA of BOD Cyber Risk Oversight

• The recent SEC guidance raising the bar for BODs.
• Leveraging industry frameworks (e.g., PCI, NIST, ENISA, ISO 27K, etc.) when presenting to your BOD.
• “Policy – Plan – Procedure.
• Development of your InfoSec Policy
• Development of your IR Policy
• The CIRP Executive Management Overview.*

Colin: Working with the Board

• Know your Board
• What matters to the Board
• What does the Board expect from you
• Coaching your Board

Day 2: “Risk Based”

Neal: Your BOD understands risk. Make sure your IR/InfoSec is Risk-Based.

• Enterprise Risk Management (ERM) 101
• Risk-Based IR & InfoSec Approach
• Leveraging “Context” of your highest risks to develop specific controls

The Benefits

• Validation of your Controls Frameworks, Policy Objectives, and overall Organizational Information Security objectives
• Context is essential in developing Detective controls such as SIEM correlation logic and event Runbooks (true story)
• During an actual Cyber Intrusion Incident, it is critical the organization has an idea of what “normal” looks like so they can quickly identify “abnormal.”
• Privileged Access Management – Just the manual version (true story)
• Segregation of Duty/Single Point of Failure Analysis (true story)
• Validating/Improving your Logging Strategy
• Developing/Improving your Containment Plan
• Identify High-Risk Users, Service Accounts, etc.
• “90% of your Cyber Risk lies in 5% of Users” (true story)

Colin: Operational Excellence

• Financial management
• Building & developing the security team
• Security operations & incident response
• Metrics that matter

Day 3: Business Due Diligence

Neal: Helping you work with the rest of the management team

• Ensure a “Business-Focused” approach
• Requirements Driven Execution*
• Cyber Insurance 101*
• Crisis Management 101
• CIRP Incident Coordinator Quick Guide Review*

Colin: Business Aligned Security Strategy

• Business objectives & threat landscape
• Building a risk-based security strategy
• Compliance & governance in strategy
• Cybersecurity’s value to the business

Workshop Deliverables

• Customized Cyber Risk Narrative Example*
• Customized Draft InfoSec Policy
• Board Ready Presentations
• Sample 7×24 Turnover/Management briefing slides
• ERM Cyber Risk Portfolio Example.
• Sample Cyber Risk x InfoSec Framework Matrix for your highest value cyber risk item to demonstrate that your program is aligned with your cyber risks
• “Context” worksheet for your highest value cyber risk items
• Starter SIEM Correlation logic for your highest value cyber risk item
• A certificate for 18 CPE hours
• A signed copy of my McGraw-Hill CIRP book*

Items with an asterisk (*) are also provided in the CIRP workshop.

Full Disclosure: Colin is still functioning as a full-time CISO. His participation in each workshop may differ based on its location and his availability. His presentations may be pre-recorded and should last approximately two hours. Colin will then be available either by Microsoft Teams call or onsite to answer any questions for the third hour.